Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1832
  • Last Modified:

ISA replacement

Does anyone have a recommendation for a replacement of MS ISA server? Need reverse proxy functionality. Cheers
0
bozo1701
Asked:
bozo1701
4 Solutions
 
Jian An LimSolutions ArchitectCommented:
depends on your size.
TMG is the last version of reverse proxy for microsoft suite and they are not going to develop further their product.

outside microsoft you got plenty of choice depends on your size of company.
you can choose a software, or an appliance.

for example, but not limit to.

bluecoat

https://www.bluecoat.com/products/web-application-reverse-proxy

squid
http://wiki.squid-cache.org/SquidFaq/ReverseProxy
0
 
btanExec ConsultantCommented:
you can actually check on application delivery controller such as F5 Network, Citrix. The MS direct replacement is TMG/UAG but the TMG is going end of life in 2020, there feature not to be supported as
...there are some features that will suffer from degraded functionality beginning in 2016. Microsoft has announced that it will cease to support the URL Reputation Services (URS) that TMG relies on for web site categorization on December 31, 2015. Also, Microsoft will no longer produce anti-malware and Network Inspection System (NIS) signature updates past this date (although they will continue to function, albeit with outdate signature files).
Having said that there is other provider supporting TMG though such as Celestix MSA.  http://www.celestix.com/best-forefront-tmg-2010-replacement-forefront-tmg-2010/

Forefront UAG can be used to publish internal servers via Web portal or directly (similar to Forefront TMG). For website and VPN replacement use Direct Access, but do note that Direct Access is not a replacement of VPN in few scenarios, e.g. VPN for external workers who shouldn't access all services as company's workers. Of course we can implement several Direct Access implementations in one company, but external workers are enforced to have desktops in company's domain.

F5 Networks
http://www.f5.com/pdf/white-papers/microsoft-threat-management-gateway-alternatives-white-paper.pdf

NetScalar
http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/netscaler-a-comprehensive-replacement-for-microsoft-forefront-threat-management-gateway.pdf

For your interest also in comparing Forefront UAG with TMG http://www.isaserver.org/articles-tutorials/general/Should-replace-TMG-firewalls-with-UAG.html
the key differences between TMG and UAG is to take a brief look at a few remote access features and how they differ (or don’t):

Application Intelligence and Publishing (UAG is better than TMG in most areas)
End Point Security (UAG is better than TMG in most areas)
SSL Tunneling (UAG is better than TMG in most areas)
Information Leakage Prevention (UAG is better than TMG in most areas)
Robust Authentication Support (KCD, ADFS, OTP) (UAG is more flexible)
Windows Server 2008, Native 64-Bit (same for both)
Product Certification (Common Criteria) (same for both)
NAP Integration (same for both)
Terminal Services Gateway Integration (easier to set up with UAG)
Web Farm Load Balancing (easier to set up with TMG)
Array Management (TMG more robust)
Enhanced Management and Monitoring (MOM Pack) (same for both)
Enhanced Mobile Solutions (UAG is better in most scenarios)
New and Customizable User Portal (N/A for TMG)
Wizard Driven Configuration (same for both)
0
 
btanExec ConsultantCommented:
There is Sophos UTM as a TMG Replacement from a UTM perspective too if it is a single proxy and may be optimal from mgmt perspective but the role and access control has to be thought through to ensure least privileges for such in one box.

http://www.isaserver.org/articles-tutorials/general/life-after-tmg-considering-sophos-utm-tmg-replacement-part1.html

One of the things that people really like about TMG is its application layer filtering, which allows you to control specific applications. Sophos UTM provides excellent visibility into the applications that are being used on your network and allows you to control access to them. You monitor Internet connections that are going through the firewall and you can see what’s happening as it happens, and set policies based on what you observe. You can also perform bandwidth shaping to give priority to certain business-critical applications.
0
 
nociSoftware EngineerCommented:
You can also build up a plain unix/linux box and use NGINX as a reverse proxy.
That would be the closest i can think of to getting to a ISA. including support for websockets etc.
Squid will miss out on that kind of processing.
0
 
bozo1701Author Commented:
Thanx all for your suggestions. They are all  a potential replacement it seems. Looks like we will go with the F5 solution - expensive but solid.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now